What’s Done Is Not What’s Claimed: Detecting and Interpreting Inconsistencies in App Behaviors

Chang Yue

Network and Distributed System Security (NDSS) Symposium 2025 · Day 1 · Mobile Security

Mobile applications have become indispensable, yet their extensive access to private user data—such as contacts, photos, and locations—poses significant privacy risks. Despite operating systems providing mechanisms for users to grant or deny permissions, a critical gap persists: users often struggle to comprehend *why* specific permissions are requested, and even when restrictions are in place, apps may surreptitiously access sensitive information without explicit user consent or awareness. This talk introduces **InComputer**, a novel system designed to bridge this information asymmetry by empowering users to understand the actual behaviors of their apps and assess associated privacy risks.

AI review

Competent academic systems paper with real engineering behind it — static analysis plus data flow plus LLM-powered natural language explanation is a sensible pipeline and the numbers are credible. Nothing here will make a vendor sweat or rewrite a threat model, but it's honest work that fills a genuine gap in the literature.
